VYPR
Critical severity9.1NVD Advisory· Published Mar 5, 2026· Updated Apr 15, 2026

CVE-2026-2418

CVE-2026-2418

Description

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

1